:: Re: [DNG] KUserFeedback
Página Principal
Delete this message
Reply to this message
Autor: tito
Data:  
Para: dng
Tópicos Novos: Re: [DNG] AppArmor
Assunto: Re: [DNG] KUserFeedback
On Sun, 05 Sep 2021 08:00:51 -0600
Gabe Stanton via Dng <dng@???> wrote:

> On Sun, 2021-09-05 at 12:54 +0200, tito via Dng wrote:
> > Hi,
> > I'm not very fond of apparmor for various reasons:
> >
> > 1) I experienced unexpected behavior of programs
> >       silently failing to do something (log, run, etc)
> >       because the apparmor profile was wrong/bugged

>
> I experienced the same, as my first introduction to AppArmor, and a
> couple times more before I did the same as you and purged it.
>
> >
> > 2) unless you study every code path in the program you want to
> >     supervise the profiles used will not be safe but nobody really
> > cares
> >      (e.g. maintainer adds a profile that works with the default
> > setup
> >      of the distro (....if it really works))   

>
> This is a great point and probably the biggest reason I remain unsure
> about it, combined with the level of permissions it controls, it's like
> giving another root-level program access to every bit of processing
> that happens. Yes all programs have code that need to be understood to
> be trusted, but a program with root-level authority that polices all
> other programs....I need to understand that program a lot better,
> before trusting it, than I do basically any other program. Maybe there
> are flaws in that thinking, but unless I misunderstand the level of
> permission and control AppArmor has, I'm right to be weary of it.
>
> Also, the fact that it comes by default, and is enabled by default, and
> has those permissions and capabilities, to me, that's the kind of
> program that is likely to be exploited in the future, assuming it's not
> exploited now and that the dev's or the project are exploitable one way
> or another. The fact that it has such permissions and is enabled by
> default, and that it was introduced recently, all of those things
> justify suspicion as far as I'm concerned. To my unprofessional but
> suspicious eyes, it reminds me of systemd.
>
> Maybe we're wrong, but until we take the time to look at and understand
> every line of code, and get to know the project, it seems far safer to
> rely on things like firewalls and other trusted security tools.
>
>
> Gabe
>

Hi,

one stupid question that struck my mind right now could
apparmor control itself?
could you write an apparmor profile to limit what apparmor
is doing?

Ciao,
Tito